SSVChecker (Static Security Vulnerability Checker) is an Eclipse plug-in developed to help software developers identify
potential security vulnerabilities during development, from within a user-friendly, commonly used IDE. SSVChecker provides an interface in which software developers can execute any
existing static analysis security vulnerability detection tool(s) and view the results from one or more of these tools.

SSVChecker provides software developers with the following unique features:

Provides features not found in other security vulnerability detection tools (e.g., union and intersection of the results of multiple tools) that better aid developers in identifying potential
security vulnerabilities.

Modifies the traditional operations of union and intersection (i.e., allowing multiple descriptions of potential vulnerabilities detected on the same line of source code), providing more
information for each vulnerability, to assist developers in correcting potential security vulnerabilities.

Adapts to the results of user-performed analysis so that user-dismissed security vulnerabilities are not reported repeatedly, allowing developers to concentrate on the flagged security
vulnerabilities that still warrant attention.
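
The merge behaviour described in the features above, sketched as an added example; this is not SSVChecker's own code. The tool names, the sample findings, and the choice to key findings and dismissals by (file, line) are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample findings: tool -> list of (file, line, description).
# Tool names and messages are illustrative, not real tool output.
SAMPLE = {
    "tool_a": [("auth.c", 42, "strcpy: possible buffer overflow"),
               ("auth.c", 77, "printf: non-constant format string")],
    "tool_b": [("auth.c", 42, "unbounded copy into fixed-size buffer"),
               ("net.c", 10, "gets: never safe to use")],
}

def _by_location(results):
    """Group findings as {(file, line): {tool: [descriptions]}}."""
    merged = defaultdict(lambda: defaultdict(list))
    for tool, findings in results.items():
        for path, line, desc in findings:
            if desc not in merged[(path, line)][tool]:  # drop exact repeats
                merged[(path, line)][tool].append(desc)
    return merged

def combine(results, mode="union", dismissed=frozenset()):
    """Merge per-tool findings by source location.

    union:        every location flagged by at least one tool.
    intersection: only locations flagged by every tool in `results`.
    In both modes all descriptions for a location are kept, tagged with
    the reporting tool, and locations in `dismissed` are not reported.
    """
    if mode not in ("union", "intersection"):
        raise ValueError(f"unknown mode: {mode}")
    merged = _by_location(results)
    report = {}
    for loc in sorted(merged):
        per_tool = merged[loc]
        if loc in dismissed:
            continue  # the user already reviewed and dismissed this location
        if mode == "intersection" and set(per_tool) != set(results):
            continue  # at least one tool did not flag this line
        report[loc] = [(tool, desc)
                       for tool in sorted(per_tool)
                       for desc in per_tool[tool]]
    return report

if __name__ == "__main__":
    for mode in ("union", "intersection"):
        print(mode, combine(SAMPLE, mode, dismissed={("auth.c", 77)}))
```

Keying dismissals by line number alone goes stale when code above the finding is edited, so a persistent store would need a more stable key than the one assumed here.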

With these features, SSVChecker provides an interface in which both novice and expert software developers can develop secure software applications with the assistance of detection
tools that can flag potential security vulnerabilities, explain the security flaw, and suggest ways to remove the possible security vulnerability.

You can now view a demonstration of SSVChecker here (you will need Macromedia Flash Player installed).
This demonstration will give a brief overview of the features of SSVChecker and show how to use the tool from within the Eclipse IDE.

Note: the SSVChecker example demonstration was made using DebugMode's Wink 2.0.

Notice for tuits4: tuits4 is based on ITS4 from Cigital. It was modified in May of 2006. It has been modified as follows:
ITS4 was modified to reduce the number of false positives by adding some
additional analysis to reduce the number of reported vulnerabilities produced
for the printf function. Further, to help reduce the number of vulnerabilities
not reported, ITS4 was modified to include a number of additional vulnerable,
Windows-specific functions so that they, too, would be checked during execution.